[jbossseam-issues] [JBoss JIRA] Closed: (JBSEAM-1024) Switching to HTTPS using scheme attribute does not work for custom http and https ports

Shane Bryzak (JIRA) jira-events at lists.jboss.org
Tue Mar 13 23:30:47 EDT 2007 

     [ http://jira.jboss.com/jira/browse/JBSEAM-1024?page=all ]

Shane Bryzak closed JBSEAM-1024.
--------------------------------

    Fix Version/s: 1.2.1.GA
       Resolution: Done

Ports can now be optionally specified in components.xml for http and https schemes, like this:

 <core:pages http-port="8080" https-port="8043"/>

> Switching to HTTPS using scheme attribute does not work for custom http and https ports
> ---------------------------------------------------------------------------------------
>
>                 Key: JBSEAM-1024
>                 URL: http://jira.jboss.com/jira/browse/JBSEAM-1024
>             Project: JBoss Seam
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 1.2.0.GA, 1.1.7.CR1
>            Reporter: H K
>         Assigned To: Shane Bryzak
>            Priority: Minor
>             Fix For: 1.2.1.GA
>
>
> If you use custom http and https ports (say, 8080, 8443), the switching to https does not work using the 'scheme' attribute in the pages.xml.  The reason is that in Pages.encodeScheme() the server port is calculated by looking at the request url, this port will be 8080, while the correct port that needs to be in the new url should be 8443.
> Also, it would be great if the documentation could be updated to include a warning for people with proxied environments.  That is, depending on how your proxied environment is setup, using scheme might result in an infinity redirect loop. Here is how this could happen:  lets say you have a webserver that can handle both http and https, however, this webserver can only talk http with the appserver. Now, if you mark a page such as 'login.xhtml' with scheme = https, then if the user types https://www.somedomain.com/login.seam, the webserver will be sending http://www.somedomain.com/login.seam to the appserver. When Seam looks at it, it will ask the browser to redirect to https again, resulting in an infinity redirect loop.  
> Should I open a different JIRA issue for the documentation update?

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the seam-issues mailing list